SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Fail - IP-MONITORING DUAL ISP

    Posted 09-08-2019 11:43

    Guys could someone help me? I have an SRX300 with two ISPs. ISP 1 - VPN ISP 2 - Internet However when ISP2 fails ISP1 does not surf the internet.

     

    ip-monitoring {
        policy INTERNET-ISP2 {
            match {
                rpm-probe VR-UNTRUST-ISP2;
            }
            then {
                preferred-route {
                    route 0.0.0.0/0 {
                        next-hop 192.168.1.1;
                    }
                }
                interface lo0.20 {
                    disable;
                }
            }
        }
        policy INTERNET-ISP1 {
            match {
                rpm-probe VR-UNTRUST-ISP1;
            }
            then {
                interface lo0.10 {
                    disable;
                }
            }
        }
    }
}

     

    When I run the command: show services ip-monitoring status

    Policy - INTERNET-ISP1 (Status: FAIL)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    VR-UNTRUST-ISP1        GOOGLE          8.8.4.4          FAIL
    VR-UNTRUST-ISP1        REGISTRO-BR     200.160.2.3      FAIL
  Interface-Action:
    interface         policy action   admin state action status
    ----------------- --------------- ----------- -----------------
    lo0.10            Disable         DOWN        FAILOVER

Policy - INTERNET-ISP2 (Status: FAIL)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    VR-UNTRUST-ISP2        GOOGLE          8.8.4.4          FAIL
    VR-UNTRUST-ISP2        REGISTRO-BR     200.160.2.3      FAIL
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- -------------
    inet.0            0.0.0.0/0         192.168.1.1      APPLIED
  Interface-Action:
    interface         policy action   admin state action status
    ----------------- --------------- ----------- -----------------
    lo0.20            Disable         DOWN        FAILOVER

    Now it is browsing normally, if ISP2 fails it remains connected, if ISP1 Failure vpn becomes active but does not surf the internet.

     


    #dualisp
    #ip-monitoring
    #Fail


  • 2.  RE: Fail - IP-MONITORING DUAL ISP

     
    Posted 09-08-2019 22:31

    What will be the deafult route to be programmed in your case in the event of ISP-2 down?

     

     



  • 3.  RE: Fail - IP-MONITORING DUAL ISP

    Posted 09-09-2019 04:21 
    Then you should surf the internet through ISP1.


  • 4.  RE: Fail - IP-MONITORING DUAL ISP
    Best Answer

     
    Posted 09-09-2019 08:33
      |   view attached

    Hi Leetrix 

    I don't have your exact requirement detail but i understand what you are trying to do. 

    You can achieve this by configuring RPM probe to detect the reachability and then using that in event-options policy to configure/delete particular static route.

     

    I have configured and verified this scenario in lab on MX router, please refer the attachment. please change the IPs to match your setup.

     

    Please accept my response as solution if it solves your query! Kouds are appreciated too 

    Thanks
    Vishal